Splunk Core Certified User — Question 209

Which search matches the events containing the terms `error` and `fail`?

Answer options

• A. index=security Error Fail
• B. index=security error OR fail
• C. index=security ג€error failureג€
• D. index=security NOT error NOT fail

Correct answer: A

Explanation

The correct answer is A because it specifically looks for events that contain both 'Error' and 'Fail' in the specified index. Option B uses 'OR', which would retrieve events containing either term, while options C and D do not accurately reflect the requirement to find both terms simultaneously.